Navi’s Commitment to Responsible AI

AI is now part of the day-to-day work in accounting and professional services. You can feel the momentum building. It helps teams save time, support coaching and create space for more advisory conversations that clients value.

At the same time, firms are right to pause and ask questions. You work with sensitive client information. You protect relationships that have been built over years. Before you bring AI into that world, you want to feel comfortable with how it handles your data and what safeguards stand behind it.

That is why we were genuinely excited when CPA.com released its AI due diligence framework. It gives firms clear guidance, with fifty thoughtful questions across six domains that get to the heart of what matters most. Data privacy. Security. Controls. Design. Accuracy. Risk. These are the same themes we hear in conversations with firms every day.

At XcelLabs, we welcome those questions. And here’s where we usually start.

1. Is our data safe?
This is almost always the first question, and honestly, it should be.

When you bring AI into the workflow, you want to know exactly what data is being used, where it goes, and whether it’s being used for anything beyond the task at hand. You also want clarity about what happens to that data afterward.

Navi keeps this simple. We store only what we need to provide the service: uploaded transcripts, evaluation scores, explanatory reasoning and account-related information. Your data is logically isolated by tenant, which prevents cross-customer access.

And here’s the big one. Your data is not used to train Navi’s models or any third-party models. When we use external models through a secure API, your data is processed only for that specific evaluation. Data is encrypted in transit and at rest. You can request an export of your data or permanent deletion at any time.

No surprises. No fine print. Just a clear commitment to keeping your data safe and entirely under your control.

2. Can we trust the output?
From there, firms want to know if they can trust the output. That’s probably because we’ve all heard about AI hallucinations. Those are moments when an AI model sounds confident but gets the facts wrong. In accounting, that is not something you can work around. You need output you can rely on.

That is why Navi is built as a decision-support tool, not an autonomous decision-maker. The system is not generating new facts or offering open-ended advice. Instead, it works inside a structured evaluation framework with a clear rubric. It reads the transcript you upload and applies that rubric consistently.

Each evaluation includes structured scores and explanatory reasoning, so you can see how the assessment was made and decide how to use it. Nothing hidden. Nothing black-box.

That design makes Navi the co-pilot, and it lets your team stay firmly in control of the judgment and decisions that matter.

3. Are there controls and accountability?
Even when the tech feels seamless, you still need to know what’s happening behind the scenes. That’s just good governance. Firms want to understand who has access, what protections are in place, what gets logged and how issues are handled if something goes wrong.

XcelLabs takes those questions seriously. Access is limited through role-based permissions, multi-factor authentication and least-privilege principles. System activity and evaluation processing are logged so your team has visibility whenever you need it.

And if something does happen? There’s a documented incident response process that covers containment, investigation, remediation and customer notification when applicable.

We are also building toward a SOC 2 Type II report, which is one of the clearest ways to show that security controls do not just look good on paper. They work consistently over time. Instead of a single snapshot, Type II evaluates how safeguards operate across months of real use. It is a deeper level of accountability and reflects our commitment to human-first technology.

Additional FAQ

Who owns intellectual property created from my data?
You retain ownership of uploaded transcripts, evaluation scores and analysis outputs. XcelLabs does not claim ownership of customer data.

Can we export our data and logs if we move platforms?
Yes. You can request export of transcripts, evaluation scores and related data. Customers may also request permanent deletion of their data at any time.

Can you provide a data-flow explanation?
Yes. We can walk you through how transcript data is uploaded, processed, stored and returned as evaluation results, including where external AI processing is used.

Where do you use generative AI?
Navi uses AI for to help analyze transcript content and apply its structured evaluation rubric. AI is used inside a defined framework to support consistency and coaching insights. Human review remains central. It’s also used for general chats within the Navi platform.

Security Matters
Most firms aren’t looking for AI that simply looks impressive in a demo. They are looking for AI they can use with real client work without creating new risk.

That’s exactly how we think about responsible AI at XcelLabs. We combine structured AI use, human review and practical safeguards so you can move forward with confidence and protect the trust your firm is built on.

If you’d like a deeper dive, check out our response to all 50 CPA.com due diligence questions.